How to make AddressSanitizer not check third party libraries

Question

I am working on a C++ cmake project. Apart from my own source code, my project uses a lot of third party libraries. So, I am using shared libraries (with .so extension) which are present in /usr/local/lib and for some the code is present in /usr/local/include. (like I am using eigen library which is present in /usr/local/include/eigen3/).

How can I make sure that the Address Sanitizer only checks my source code and not any standard or third party libraries ??

PS : Currently, I am using Address Sanitizer like below :

ADD_COMPILE_OPTIONS(-O0 -g -Wall -fsanitize=address -fno-omit-frame-pointer)
SET(CMAKE_EXE_LINKER_FLAGS  "${CMAKE_EXE_LINKER_FLAGS} -fsanitize=address")

And I am using gcc with version :

gcc (Ubuntu 5.4.0-6ubuntu1~16.04.10) 5.4.0 20160609

Answer 1

AddressSanitizer works by inserting code during the compilation (with the -fsanitize=address flag). So most code in third party libraries your code links to will be unaffected and not checked by AddressSanitizer, as they are already built into shared library files. If 3rd party calls standard function (memset, etc.), it'll still be checked.

Code in header files and header-only libraries such as Eigen are a special case, as all Eigen code gets directly inserted into your source files (through includes) and thus is also compiled with -fsanitize=address.

As the compiler doesn't differentiate between your code and included 3rd party code, there is no way to disable sanitizers for header-only 3rd party code.

In practice this does not usually cause any issues though. When using clang, you can create a sanitize-blacklist file to hide unwanted false positives (that you cannot fix upstream). Unfortunately gcc does not yet support blacklists.